Alot of DNS requests slowing internet connection

Status
Not open for further replies.

blubomber

MIS
Dec 27, 2001
241
US
I have two DNS servers on my network where I work. I am also running a Win2k AD. My main DC/DNS server is sending out a lot of strange DNS requests to my ISP's DNS servers. So many that it is slowing the internet access for my users. I have a Firebox 700 controlling access to my network. When I stop the DNS server service on my main DNS server, the DNS traffic returns to normal.

I scanned the server for spyware and trojans. Did not find any trojans and found a few spyware. After clearing the spyware, the problem did not stop. I have been doing Ethereal captures and found that the website requests are random and some websites aren't real or can't be reached.

Any suggestions as to what to look for? How can I troubleshoot this problem further? I currently have the service running but blocked outgoing DNS requests from the problem server.
 
Uninstall all unnecessary software

Did you run Spybot (add Spybot's hosts file), Adware, Spyblaster, MS AntiSpy or better still CounterSpy (Sunbelt Software) from safe mode? You may have a variant which is too new for the scanners to pick up. Malware should not be getting into a server unless safe browsing practices are not being used.

Manually go through the registry to remove old useless entries, under HKEY_LOCAL_MACHINE\Software.

........................................
Chernobyl disaster..a must see pictorial
 
You may have a client PC that has a virus/trojan etc. that is querying your DNS server, which in turn forwards those requests out to the ISP. Start by turning on debug logging, which is a tab on the DNS server properties inside the DNS MMC.
 
I apologize for not replying sooner.

I found out that the problem was coming from one of our branch offices. It was coming from a domain controller that is a child domain to our main office. I had the DNS servers at the main property set up as forwarders for the remote DC/DNS server. After disabling the DNS services on the remote server, the problems stopped. I ran all the good spyware programs along with antivirus and did not find anything. The problem server's DNS log tells me that it is having problems with some forwarders and to remove them from the list. Well, the IP addresses were not on the forwarders list. So I am not sure if there is a trojan on there somewhere that I just can't get rid of.

I have since installed another DNS server and have AD using it as well as the other computers on the network, keeping the DNS service disabled on the problem computer. In a few weeks I am going to get rid of the child domain and merge it with the parent domain. Then I can just reformat the problem DC and deploy it elsewhere.

Thank you for the replies.
 